DHS cultivates cyber workforce, tools

Agency of the Month

The Homeland Security Department's Einstein intrusion prevention and intrusion
detection program was falling behind the technology curve. The agency was
depending on hardware that had become out of date before many departments got a
chance to use it.

Mark Weatherford, the DHS under secretary for cybersecurity in the National
Protection and Programs Directorate, changed the focus of the program about a year ago.

"I looked at the program and said the technology has moved on and we need to
figure out a way to get the technology for intrusion prevention out there faster
for civilian agencies," Weatherford said Tuesday during an exclusive interview on
In Depth with Francis Rose as part of Federal News Radio's Agency
of the Month series. "We've been working with our federal partners, with the
Defense Department and we've re-engineered the solution from a hardware- to a
software-based platform. We've pushed it out more broadly where all federal
agencies can participate in it almost immediately."

He added the move to E3A (Einstein 3-
Accelerated) still will be a multi-year effort, but DHS made the program more
flexible so it can stay technologically relevant over the implementation timeline.

DHS began implementing Einstein in 2004 as a sensor and network flow management
tool. It expanded Einstein to be an intrusion detection system and implemented it
across at least 15 civilian agencies over the last four years.

The agency has been testing Einstein 3, which expands again to be an intrusion
prevention tool, for the last few years.

Weatherford said E3A will help agencies move out a reactionary mentality.

"It's hard to block something you don't know exists," he said. "We work very
closely with the government agencies in issuing out and getting them threat and
vulnerability information."

He said because cybersecurity is getting so much attention across the government
and on Capitol Hill, agencies are becoming more proactive in how they defend their
networks and systems.

Changes to the workforce

Beyond tools like Einstein, DHS and other agencies need employees with the right
skill sets.

Chris Cummiskey, DHS' deputy under secretary for management, said the types of
skills cyber workers need are changing.

"It ranges from watch-floor types of activities to analytics to forensics," he
said.

Weatherford said his office is hiring people with hard skills, the type one gets
from banging on a keyboard, breaking it open and then putting it back together
again.

"What we really look for are those with deep technical skills, but can also
analyze an event," he said. "You really look for people who look at problems
differently. Many of these skills are the kind that can't be taught, but take a
lot of experience."

Finding these types of people isn't easy and nearly every agency and private
sector firm is competing for their services.

Cummiskey said DHS is taking advantage of special hiring authority the Office of
Personnel Management granted them a few years ago. The authority lets DHS speed up
the hiring process in order to place cyber workers and not lose them to the
competition.

The other approach to finding the right workers is offering them interesting work.

"We want to be in the same cadre as DoD, the FBI and others," he said. "If you are
really serious about a career in this, you will stop at DHS and spend a few
years."

Opportunities abound at DHS

Weatherford said the mission space around cybersecurity is vast at DHS.

"There are not many places you go in the government or in the private sector in
the cybersecurity arena where you can get the breadth of experience that you get,"
he said. "That really is a big draw for us. I talk to people and tell them to come
work at DHS as a stop in your private sector career."

He said having someone work in the private sector, come to government and then
eventually go back to the private sector is beneficial to all because they get to
see cybersecurity from the different perspectives.

Weatherford's office has been hiring hundreds of cyber professionals, but also has
faced a fair amount of turnover.

Over the last year, DHS lost five senior officials, and since January, four new
senior executives have come to DHS. Since the fall, almost the entire management
team that oversees cybersecurity in NPPD is new.

Weatherford said he doesn't think the changes at NPPD are any different than other
agencies or in the private sector, however.